Hackers encrypt data on some servers of Brooklyn Hospital Center
Hackers used malware this past summer to encrypt data on some servers at Brooklyn Hospital Center in New York, according to a recent notification letter from the hospital.
In late July, the facility became aware of unusual activity with some of its servers. An examination by a data forensics firm determined that malware from one or more hackers had encrypted certain information systems.
Investigators say they did not find evidence that data was actually accessed or acquired by unauthorized persons.
On September 4, investigators confirmed that despite efforts to recover the data, certain amounts and types of data were unrecoverable, the organization told affected patients.
After learning of the incident the hospital restored its affected systems and tightened security of its network. Now, Brooklyn Hospital Center is reviewing its policies and procedures relating to data security and further is enhancing existing security protocols, patients learned.
“While our recovery efforts are ongoing, based on this determination, we are undertaking a diligent review of patient data that may be potentially impacted by this event and taking steps to notify those individuals whose records may no longer be available. To date, we are unaware of any actual or attempted access to, or misuse, of medical or personal information.”
Unrecoverable information resulting from the attack included patient names and certain dental or cardiac images. The patient notification letter does not offer credit monitoring or identity protection services, probably because the breach did not involve sensitive identity information. If the HHS Office for Civil Rights, which enforces the breach notification rules, deems an organization should have offered protective services, it will let the organization know and expect appropriate measures.
For now, the notice letter to patients gives information on how they can better protect against identity theft and fraud. “The hospital encourages those who may be affected to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits, to monitor credit reports for suspicious activity, and to detect errors,” patients were advised.
Brooklyn Hospital Center did not divulge now many patients may be affected by the hackers, but that number will soon be added to the HHS data breach website.